Front your MCP tools with a zero-trust gateway that validates schemas on a 5-stage pipeline
The defense-first MCP architecture pattern treats tool discovery like untrusted HTTP ingress: a control point outside the client inspects every tool schema before it reaches the model. It runs a five-stage validation pipeline — stages 01–04 gate the discovery path (every schema, before the model sees it) and stage 05 gates the invocation path (every tool call, even after a clean discovery) — which is the structural defense against tool-poisoning attacks like CVE-2025-54136 that hide instructions in tool descriptions. Builders adding third-party MCP servers should never wire them directly to Claude/Cursor; put a schema-inspecting gateway in front and re-validate on each call, not just at registration.
↳ Follow the thread